Re: SA Login

From: BP Margolin (bpmargo@attglobal.net)
Date: 08/15/02 

From: "BP Margolin" <bpmargo@attglobal.net>
Date: Wed, 14 Aug 2002 19:50:08 -0400

Boris,

1. To make your solution feasible, one would also have to either change the
permissions, or completely remove, the BUILTIN\Administrators group.

2. Suppose that the client wants to apply the latest security patch to the
SQL Server instance. Without any way to login as a member of the SysAdmin
group, how is the client supposed to do that?

3. In short, and I really don't mean for this to sound harsh, your proposal
is a bit like buying a home security system from a vendor, but only the
vendor can change the password. Would you really feel safe using that
particular security system. :-)

-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.

"Boris Nikolaevich" <boris@nikolaevich.mailshell.com> wrote in message
news:#4Flbr#QCHA.1648@tkmsftngp09...
> When you create a new instance of SQL Server 2000 on a given server, does
> that create a different SA account for that instance?
>
> If so, you could install a new instance of SQL Server, giving SA a custom
> password for that new instance and load your proprietary DB in that new
> instance.
>
> That way, the client could go on his merry way administering the databases
> in the default instance, and you would still have some additional
> technological protection.
>
> Of course, I haven't tried this, and I'm hoping someone can verify whether
> this would work. Additionally, there's the SQL 2000 requirement--if
you're
> running an earlier version, this instancing idea won't work!
>
> HTH,
> Boris
>
>
> "Antony" <mastersons@onetel.net.uk> wrote in message
> news:27cd01c243c7$504fdfc0$39ef2ecf@TKMSFTNGXA08...
> > We are using sql authentication, the client insists on
> > having the SA login to maintain other dB's on the same
> > server. Is there a way to deny the SA login access to a
> > particular DB but maintain it's right for other DB's on
> > the server.
> > The built in NT login has been denied access.
> >
> >
> >
>
>

Relevant Pages

  • Re: Access link table security
    ... onerous chore of creating DSN's on each client. ... >and SQL Server is on the same machine. ... >How and where do I set at the Access frontend so that I can choose the login ... >change the login name for the Access frontend, do I need to play with ODBC ...
    (microsoft.public.sqlserver.security)
  • no prompt on linked table
    ... I am hoping that someone might know a way to turn off the SQL Server Login ... request on how to first get the user id and password from the user. ... I can then pass the error information back to the client ...
    (microsoft.public.access.security)
  • no prompt on linked table
    ... am hoping that someone might know a way to turn off the SQL Server Login ... This will bring up a SQL Login dialog because dbo_JTEST is a linked table ... request on how to first get the user id and password from the user. ... I can then pass the error information back to the client ...
    (microsoft.public.access.security)
  • Re: Login fails on trusted connection to ms-sql 2000
    ... machine and give it rights in SQL Server, ... and/or changing the default client side sql network libraries in use... ... > Upon running application on client, i get message 'Login ...
    (microsoft.public.sqlserver.security)
  • Re: Login failed for user ServernameGuest
    ... You cannot have SQL Server refer to an account on another machine, ... > On the Client computer I have a user CRAIS3. ... Computer Management) and looked at this login (Local ...
    (microsoft.public.sqlserver.server)